Managed Security Operations Center Services

By IS4IT GmbH

The Security Operations Center identifies potential threats and recommends countermeasures to prevent or mitigate cyberattacks. The primary goal of a SOC is to ensure comprehensive monitoring and analysis of information security to early identify and address potential security incidents. Effective integration into the client's Security Incident process is crucial for its effectiveness.


The services include the following key areas:

- Operation of the necessary components for the SOC
- Provision of the required SIEM licenses
- 24x7 security analysis and investigation
- Threat intelligence and escalation for critical incidents
- Security consulting in response to changing threat landscapes
- Event documentation and reporting

SIEM-System-Management

SIEM system management covers the operation of the deployed SIEM components. Regular checks ensure that the environment remains stable throughout the entire contract period; these checks cover memory usage, disk utilization and the internal QRadar processes. In addition, the QRadar systems are kept up to date by regularly applying the patches provided by the manufacturer.

Unscheduled deployment of security patches

If the manufacturer publishes a patch for a critical vulnerability (CVSS score of 9 or higher), the standard patch cycle is bypassed: the patch is applied to the production environment as soon as it has been successfully tested in the development and staging environments.

Logsource-Management

A log source lifecycle is also important for a SIEM system. To remove old log sources, SOC platform engineers delete log sources that have not sent any events to the SIEM for 90 days. This improves visibility for the security analysts and, consequently, the quality of the service.

Setting Up Use Cases

The setup and maintenance of Use Cases in the SIEM, including the associated Playbooks in SOAR, are included in the monthly flat rate up to the contractually agreed quantity. A SIEM Use Case can either come from the manufacturer or be developed specifically for the environment. Once a Use Case has been accepted, it is actively handled by the Cyber Security Analysts and counts towards the total quantity.